How to create a self-signed certificate to sign a MimeKit message?

How do I create a self-signed development certificate suitable for signing MimeKit messages?

MimeKit has its own CmsSigner. When I try to load the certificate into a MimeKit CmsSigner:

X509Certificate2 cert = new X509Certificate2(@"cert.pfx", "xpto", X509KeyStorageFlags.Exportable);
var signer = new MimeKit.Cryptography.CmsSigner(cert);

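It throws:

"The certificate cannot be used for signing."

The problem is that the default algorithm used by CmsSigner must be the same as the algorithm used to create the certificate key (SHA1 in my case).

Here is how to load the certificate for S/MIME: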

X509Certificate2 cert = new X509Certificate2(@"ca.p12", "xpto", X509KeyStorageFlags.Exportable);
var signer = new CmsSigner(cert);
signer.DigestAlgorithm = DigestAlgorithm.Sha1;
MultipartSigned.Create(signer, mimeMessage.Body);

using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using MimeKit;
using MimeKit.Cryptography;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Security;

var message = new MimeMessage() {  ... };

// Load your x509 certificate
X509Certificate2 cert = new X509Certificate2("d:\\mycer.pfx", "123456789", X509KeyStorageFlags.Exportable);

// CmsSigner = CMS = Cryptographic Message Syntax = a standard syntax for storing signed and/or encrypted data
var signer = new CmsSigner(cert);
signer.DigestAlgorithm = DigestAlgorithm.Sha256;

// This will sign the message body using our certificate which includes our organisation name
// Needs this package to run: https://www.nuget.org/packages/System.Data.SQLite/
message.Body = MultipartSigned.Create(signer, message.Body);

// Getting the private key from the pfx file
// https://www.asptricks.net/2016/09/how-to-export-private-key-from.html
RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)cert.PrivateKey;
AsymmetricCipherKeyPair keyPair = DotNetUtilities.GetRsaKeyPair(rsa);
var myCAprivateKey = keyPair.Private;

// Now sign the message with the private key only to authenticate DKIM
DkimSigner Signer = new DkimSigner(
    myCAprivateKey,
    "mydomain.com", // your domain name
    "myDKIM")       // The DKIM selector on your domain's DNS (TXT record)
{
    HeaderCanonicalizationAlgorithm = DkimCanonicalizationAlgorithm.Relaxed,
    BodyCanonicalizationAlgorithm = DkimCanonicalizationAlgorithm.Relaxed,
    AgentOrUserIdentifier = "@mydomain.com", // your domain name
    QueryMethod = "dns/txt",
    SignatureAlgorithm = DkimSignatureAlgorithm.RsaSha1
};
// Headers covered by the DKIM signature (example selection)
var headers = new[] { HeaderId.From, HeaderId.Subject, HeaderId.Date };
Signer.Sign(message, headers);

// do your sending logic
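
An added example, not part of the original question or answers: generating a development self-signed certificate in C# with .NET's CertificateRequest and loading it into CmsSigner. It assumes the "cannot be used for signing" error comes from a certificate whose key usage does not permit digital signatures; the helper name, e-mail address, file name and password are placeholders.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using MimeKit.Cryptography;

static class DevSmimeCert
{
    // Hypothetical helper: builds a self-signed S/MIME signing certificate for development use.
    public static X509Certificate2 Create(string email, string pfxPath, string password)
    {
        using (RSA rsa = RSA.Create(2048))
        {
            var req = new CertificateRequest(
                $"CN={email}", rsa, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

            // End-entity certificate, not a CA.
            req.CertificateExtensions.Add(
                new X509BasicConstraintsExtension(false, false, 0, true));
            // Key usage must allow signing (assumed cause of "cannot be used for signing").
            req.CertificateExtensions.Add(new X509KeyUsageExtension(
                X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.NonRepudiation, true));
            // Extended key usage: id-kp-emailProtection.
            req.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(
                new OidCollection { new Oid("1.3.6.1.5.5.7.3.4") }, false));
            // Mail clients match the rfc822Name SAN against the From address.
            var san = new SubjectAlternativeNameBuilder();
            san.AddEmailAddress(email);
            req.CertificateExtensions.Add(san.Build());

            using (X509Certificate2 tmp = req.CreateSelfSigned(
                DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddYears(1)))
            {
                // Round-trip through PFX so the private key is persisted and exportable.
                byte[] pfx = tmp.Export(X509ContentType.Pfx, password);
                File.WriteAllBytes(pfxPath, pfx);
                return new X509Certificate2(pfx, password, X509KeyStorageFlags.Exportable);
            }
        }
    }

    static void Main()
    {
        X509Certificate2 cert = Create("dev@example.com", "dev-smime.pfx", "change-me");
        var signer = new CmsSigner(cert) { DigestAlgorithm = DigestAlgorithm.Sha256 };
        Console.WriteLine($"{cert.Subject} signs with {signer.DigestAlgorithm}");
    }
}
```

Recipients will see the signature as untrusted until the development certificate is added to their trust store, so keep it out of production mail flows.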
